Security Services Manager, CSS (SSM)

Oracle Customer Success Services is looking to hire a Security Services Manager (SSM) to assist with delivering Security and Compliance Services to Cloud Customers.  

Oracle Customer Success Services offers a comprehensive portfolio of security solutions delivered as a service, including identity and access management, and compliance support solutions. Our customers can rely on our expertise in PCI, HIPAA, GDPR, ITAR, FedRAMP, and FDA 21 CFR Part 11 and Good Practices (GxP), to assist them on their compliance journey. Leverage services designed to help protect data and critical applications on premises and in the cloud, while better addressing or maintaining regulatory or internal compliance requirements:

• Vulnerability assessment services that can help provide clear visibility of the risks and vulnerabilities that could impact your or your client’s data security
• Services that help with data protection, including encryption, data masking, database vault, and web-application firewall
• Single sign-on (SSO), identity governance, and identity-management cloud services for your business applications.
• Compliance-specific services:  Payment Card Industry (PCI) Security Service, Oracle Managed Cloud HIPAA services, Validation Services for FDA Part 11 and GxP compliance. 
• OCI security product Cloud Guard, Security zone Monitoring and mitigation

Our goal is to drive managed security service adoption in Oracle Cloud Infrastructure (OCI) / Hybrid Cloud/ for our customers. We accelerate this by showcasing the prowess of Oracle’s cloud technology as well as our valued added engineering solutions that provides highly differentiated service experience to our customers in cloud. 

The ideal candidate should have demonstrable experience in customer facing roles and possess adequate understanding of cybersecurity controls especially in the context of cloud technology. The candidate should be able to articulate the business value of security services to customers.

 

Responsibilities include, but not limited to:

• Act as an expert advisory contact to assist with deployment and ongoing management of a number of Enhanced Security Services, for example (but not limited to):
• Threat & vulnerability management, such as scanning & Penetration Tests
• DB encryption, vaulting and auditing 
• Data masking & redaction 
• Collaborate & partner with internal and customer stakeholders in ensuring obligated security services are delivered seamlessly 
• Chair & participate in periodic service review calls with customer and demonstrate value proposition of security services 
• Respond to customer queries pertaining to security services delivered. Identify opportunities to uplift security posture
• Work closely with cross-functional internal teams, build relationship with service owners, cloud infrastructure engineers
• Keep abreast of evolving security services by taking relevant trainings etc.
• Management of the data gathering tools required to capture detailed information about a customer’s security posture;
• Analysis of the Vulnerability and PenTest output data to validate customer facing material (vulnerability and threat management reports etc..);
• Assisting, and being part of a “center of excellence” (CoE) team in presentation of the reports and the underlying details to the customer contact points, who could be at technical level or higher management / Cxx level;
• Assisting, and being part of the CoE with project management of the technical aspects of the implementation of security products (e.g. encryption, Web Application Firewall, Data Vaulting etc…)
• Work closely with Technical Account Managers (TAMs) to assist them in driving the remediation efforts for the security vulnerabilities

 

Suitable candidates must have 8-10 years of experience to manage the implementation of security services alongside the customer facing skills to manage the ongoing customer relationship.  These attributes are key due to the fact that some services deployed are dynamic and require a strong customer management capability. Security Services Managers must therefore possess both technical and customer management skills in order to be able to achieve these tasks.  The technical skills would comprise:

• Linux – basic navigation and script running skills essential, elementary O.S analysis and script writing skills ideal;
• Windows – basic navigation and script running skills essential; 
• Oracle – knowledge of the components of Oracle infrastructure and their relationship essential, very elementary DBA skills ideal;
• Excellent customer management skills; 
• Nessus Vulnerability Scans – ability to interpret data essential; being able to adapt and suggest optimization for scans ideal;
• Contracts – an elementary understanding of cloud contracts, being able to interpret the same, essential. 
• Comprehensive knowledge working in a previous IT security related role. 
• Understanding of the key concepts of Cloud Computing is essential. 
• CISSP/CISM/CompTIA Security+/ISO 27001 certification is valued for the role (not mandatory); however, candidates will also be considered who possess a sound and demonstrable knowledge of the principals involved in such certifications.

 

Minimum of 8 years experience in information systems, business operations,  or related fields, at least 5 years of which must be from at least one of the following:  Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required. 
Strong knowledge of:  Cloud architecture and security principles.  Risk Management Frameworks.  *nix and Windows system administration.
Experience with:  Logging and log analysis.  Identity management principles and technology.
Preferred but not required qualifications include:  Bachelor-level university degree in a relevant field from an accredited university, or equivalent.  CISSP, CISM, CISA, CIPP or other equivalent certification.  Comprehensive knowledge of security design for networks, databases, infrastructure, and cloud computing.  Experience writing security incident and vulnerability reports for leadership and other stakeholders.  Ability to effectively communicate and influence secure product and network design in a collaborative environment.  Comprehensive knowledge of digital forensics.  Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods.  Knowledge of encryption technologies and architectures.  Expert level experience in evaluating and assessing security threats across a variety of environments and industries.  Expert level understanding of secure networking principles, routers, switches and load balancers.

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone’s voice is heard, we’re inspired to go beyond what’s been done before. It’s why we’re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.

Disclaimer:

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

* Which includes being a United States Affirmative Action Employer